Security Basics mailing list archives
Re: Host IPS -vs- Network IPS? Do we need both?
From: "adeel hussain" <ad33lh () gmail com>
Date: Thu, 4 Dec 2008 14:59:13 -0500
Hello, It all comes down to perimeters and risk. Do you have remote or traveling workers? If so, they will often be outside the protection provided by your enterprise NIPS and HIPS would be better. So if you have to choose then look at your environment and select the most secure, least cost/overhead option. As for alternatives such as file integrety checkers and AV... nothing gets it all and each addition is an improvement. You must wiegh the cost in purchase, support and performance against the benefit gained and the workforces willingnes to "put up with" any performance hits. Typically file integrety checkers can only be used with specific system files and will not prevent or detect viruses that do not target those files (providing a false sence of secuirty). AV, even regularly updated, will not catch everything and all variants but your best bet is one that is, or includes, heuristic detection to improve the chance of it catching hostile code that it does not have specific definitions for. Hope this helps. Adeel On Wed, Dec 3, 2008 at 11:48 AM, <lister () lihim org> wrote:
Some IPS vendors do not offer a Host IPS solution Is there really a need for Host IPS if you already have Network IPS covering the same network area? What about if you already have other solutions on the host (ie. file integrity)? The overhead associated with Host IPS is very high (manage agent installs, kernel module conflicts, etc). Just curious if Host IDS is worth it if the same coverage is provided with a Network IDS.
Current thread:
- Host IPS -vs- Network IPS? Do we need both? lister (Dec 03)
- Re: Host IPS -vs- Network IPS? Do we need both? adeel hussain (Dec 04)
- <Possible follow-ups>
- Re: Host IPS -vs- Network IPS? Do we need both? krymson (Dec 04)